From: wangyingbin <wangyingbin@inspur.com>
Date: Wed, 16 Sep 2020 07:15:45 +0000 (+0800)
Subject: rgw:When KMS encryption is used and the key does not exist, we should not throw ERR_... 
X-Git-Tag: v15.2.17~90^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=bbf109de2f0e84d41f4578712bcf711fbad05c2f;p=ceph.git

rgw:When KMS encryption is used and the key does not exist, we should not throw ERR_ INVALID_ ACCESS_ Key error code.

When kms encryption is used, the key_id is null or the actual_key size is wrong, we should not throw "ERR_INVALID_ACCESS_KEY " error code, instead of "EINVAL"error code, is used to indicate parameter error.

Signed-off-by: wangyingbin <wangyingbin@inspur.com>
(cherry picked from commit 40dbc29984d67a3f4946a0b30d53f3db19952bf0)
---

diff --git a/src/rgw/rgw_crypt.cc b/src/rgw/rgw_crypt.cc
index a5161e7d8fd66..a32a963f8aee6 100644
--- a/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@ -783,7 +783,7 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
 	  ldout(s->cct, 5) << "ERROR: not provide a valid key id" << dendl;
 	  s->err.message = "Server Side Encryption with KMS managed key requires "
 	    "HTTP header x-amz-server-side-encryption-aws-kms-key-id";
-	  return -ERR_INVALID_ACCESS_KEY;
+	  return -EINVAL;
 	}
 	/* try to retrieve actual key */
 	std::string key_selector = create_random_key_selector(s->cct);
@@ -798,7 +798,7 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
 	  ldout(s->cct, 5) << "ERROR: key obtained from key_id:" <<
             key_id << " is not 256 bit size" << dendl;
 	  s->err.message = "KMS provided an invalid key for the given kms-keyid.";
-	  return -ERR_INVALID_ACCESS_KEY;
+	  return -EINVAL;
 	}
 	set_attr(attrs, RGW_ATTR_CRYPT_MODE, "SSE-KMS");
 	set_attr(attrs, RGW_ATTR_CRYPT_KEYID, key_id);